Gap found while preparing the SoA. Does it need to have a time frame for the remediation action to close it before the internal audit activity and the first certification of ISO 27001?
Supplier Assessment questionnaire
I’ve been looking through our toolkit for a Supplier Assessment questionnaire. Is there such a document or would we need to draw one up?
Risk Treatment Plan Template
I do not have a Risk Treatment Table, I only have a Risk Treatment Plan. Could you please explain the Risk Treatment Table in more detail? Our current risk assessment is very different compared to yours, and I could take a closer look at your process.
Standards for IT procedures and policies
1. How to define IT Security Policy & Operation security policy? I am looking for support or information on which standard I should use?
Vulnerability identification
Is a complicated configuration procedure (a lot of manual work) a vulnerability for an information system's information security? This vulnerability may lead to errors, customers dissatisfaction and thus loss of customers. Am I wrong?
Risk assessment report
Is the risk assessment report just the risk assessment or is the report supposed to be a separate document from the risk assessment?
BCMS performance indicators
Am currently working on an implementation project for BCMS. More specifically, am looking at Clause 9.1.1 and 9.1.2 from ISO 22031. Wondering if there's any performance metrics example that I can refer to, to meet these requirements?
When to go for ISO 27001 certification
I would like to know when is the right time to do certification of ISO 27001, as we want to make sure that clients are going to trust us as we should have proper policies and controls?
Toolkit content
I bought the 27001 toolkit docs and I am looking in Annex A, it seems to be missing 5 and 18? Can you explain why those 2 controls are not documented?
CRISC or ISO 27001 certifications
I am an Internal Audit Officer. I am confused about going for CRISC or ISO 27001 since I already have CISA. Need help.